Fully two months after the Heartbleed bug was discovered, up to 300,000 Internet servers are still vulnerable to the OpenSSL attack. The problem is so bad that it “indicates people have stopped even trying to patch,” Rob Graham, a spokesperson with Errata Security, recently said in a report.
At the heart of the vulnerability is OpenSSL, widely adopted security software used to secure online banking, credit card payments, and other sensitive activities; it could have been used in as many as 500,000 websites around the world. ValueWalk reported in April that a patch for the vulnerability had been found and applied to most servers, yet servers that have been affected may have no way of knowing, as an attack leaves no trace of its presence. Those patches are now in question with today’s report.
The dangers of the Heartbleed bug
If a Heartbleed attack is successful, hackers can steal valuable customer information, including encryption keys that could unlock access to usernames, passwords and other data protected in a high-security environment.
The Heartbleed bug is like a sleeper-cell time bomb: it sat dormant for nearly two years before being uncovered in April. Bloomberg, in fact, ran a report that said the U.S. National Security Agency was aware of the bug for two years but used it to exploit computers for spying purposes. The NSA has since vehemently denied this charge, but as Bloomberg points out, this denial fails to jibe with Congressional reports. In December a review group, handpicked by US President Barack Obama, prophetically addressed the need for the NSA to reveal security breaches rather than to exploit them: “In almost all instances, for widely used code, it is in the national interest to eliminate software vulnerabilities rather than to use them for US intelligence collection,” the group told the president. “Eliminating the vulnerabilities — ‘patching’ them — strengthens the security of US Government, critical infrastructure, and other computer systems.”
Heartbleed affects Android devices
Today’s report says the attack may not be limited to Internet web servers but may include Android smartphones as well.
Computer security experts warn that Heartbleed, while dangerous, is one of many vulnerabilities. Being patched for Heartbleed doesn’t guarantee that a site has its other security software up to date. For consumers, experts advise that the best they can do is be mindful of what they can control. That means using unique passwords, two-factor authentication when available and preferably a secure password manager.